
Harden API security and resolve CodeQL alerts #15

Merged
bnz183 merged 1 commit into main from fix/codeql-security-hardening on Jun 9, 2026

Conversation

@bnz183 (Owner) commented Jun 9, 2026

Summary

  • Adds API rate limiting before body parsing, with stricter limits on auth and write endpoints
  • Adds scrypt admin password hash support and safer dotenv serialization
  • Upgrades Cloudinary signing to SHA-256 and replaces hand-rolled Ghost JWT HMAC with jose
  • Replaces regex-based path normalization with deterministic helpers
  • Adds explicit least-privilege GitHub Actions workflow permissions

Test plan

  • pnpm build
  • pnpm test
  • pnpm test:e2e

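The summary also mentions replacing regex-based path normalization with deterministic helpers. As an added illustration of that idea, not code from the project, here is a normalizer that walks path segments instead of matching patterns, so it has no backtracking, decodes exactly once, and refuses to climb above the root. The function names, the decision to treat backslashes as separators, and the choice to reject (rather than clamp) traversal above the root are assumptions made for this example.

```javascript
// Added example (not the project's own code): path normalization written as a
// segment walk instead of a regular expression, so there is no backtracking
// and exactly one decoding step.
function normalizePath(input) {
  if (typeof input !== "string") return null;
  let decoded;
  try {
    decoded = decodeURIComponent(input); // one pass only: "%252e%252e" stays "%2e%2e", never becomes ".."
  } catch {
    return null; // malformed percent-encoding is rejected, not repaired
  }
  if (decoded.includes("\0")) return null; // a NUL byte would truncate the path in C-level APIs
  const out = [];
  // Assumption for this example: backslash is treated as a separator too, so a
  // Windows-style "..\\" cannot hide from the traversal check.
  for (const seg of decoded.split("\\").join("/").split("/")) {
    if (seg === "" || seg === ".") continue; // collapses "//" and "/./"
    if (seg === "..") {
      if (out.length === 0) return null; // would climb above the root: reject rather than clamp
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Resolve a user-supplied path under a fixed root. Because normalizePath refuses
// to climb above "/", the joined result cannot leave rootDir.
function resolveUnderRoot(rootDir, userPath) {
  const root = normalizePath(rootDir);
  const rel = normalizePath(userPath);
  if (root === null || rel === null) return null;
  if (rel === "/") return root;
  return root === "/" ? rel : root + rel;
}
```

Note that `decodeURIComponent` does decode `%2F`, so an encoded slash becomes a real segment boundary before the walk; that is the intended behaviour for filesystem-style use, where `..%2f..%2f` must be seen as two `..` segments rather than one opaque filename.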
@chatgpt-codex-connector commented

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@bnz183 bnz183 merged commit aa63c4e into main Jun 9, 2026
7 checks passed
@bnz183 bnz183 deleted the fix/codeql-security-hardening branch June 9, 2026 12:31

1 participant